Appl. No. 10/068,776 Express Mailing Label No.: 

Amendment Dated October 3, 2005 EV 462292389 US 

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 

application: 

Listing of Claims: 

[c1] 1. (Currently Amended) A method for providing secure network communication, 
comprising: 

providing an intelligent network interface between a network and each device on 
the network; 

encrypting and decrypting critical data transmissions over the network using said 
intelligent network interfaces; and 

centrally managing keys and algorithms used by said intelligent network 
interfaces for encrypting and decrypting critical data transmissions over the 
network with a central management console. 
[c2] 2. (Currently Amended) The method of claim [c1] 1, further comprising each 
intelligent network interface providing protocol translation based on servlets provided by 
said CMC. 

[c3] 3. (Currently Amended) The method of claim [c2] 2, wherein said protocol 
translation is selected from any two protocols within a single layer of an ISO 7-layer 
protocol stack. 

[c4] 4. (Currently Amended) The method of claim [c2] 2, further comprising said CMC 
dynamically distributing proxy servlets to intelligent network interfaces based on 
distinguished name. 

[c5] 5. (Currently Amended) The method of claim [c2] 2, further comprising said CMC 
dynamically distributing servlets to intelligent network interfaces based on distinguished 
name, said servlets selected from the group consisting of single sign-on servlets, 
distinguished name firewall servlets, auditing servlets, policy enforcement servlets, and 
web-filtering servlets. 

[c6] 6. (Currently Amended) The method of claim [c1] 1, further comprising said CMC 
dynamically distributing servlets to intelligent network interfaces based on device, said 
servlets selected from the group consisting of fault tolerance automatic rollover servlets, 
gateway intrusion detection servlets, multi-level firewall servlets, machine diagnostics 
servlets, virus scanning servlets, and security patching servlets. 

[c7] 7. (Currently Amended) The method of claim [c1] 1, further comprising: 

a first intelligent network interface associated with a first client sending a request 
to the central management console (CMC) with the identifying information about 
a connection that the first client wishes to send to a second client, said 
information including protocol, distinguished name, service, and header 
information; 

said CMC reviewing said connection against a network policy and determining 
denial or allowance of said connection and, upon allowance, further determining 
encryption algorithm, authentication required, keys for the connection, if the 
connection should be redirected to another device, and if the connection needs to 
be translated; 

said CMC sending a connection determination, including encryption and 
authentication algorithm(s), key(s), and any translation servlets required to said 
first intelligent network interface; 

said first intelligent network interface initiating said connection with a second 
intelligent network interface associated with said second client by sending 
encrypted connection information; 

said second intelligent network interface querying said CMC with said encrypted 
connection information received from said first intelligent network interface, 
including a Security Parameters Index (SPI) for said connection that uniquely 
identifies said connection between said first and second intelligent network 
interfaces. 
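The exchange of claim 7, modelled as an added Python example (not code from the application or the applicant): the first intelligent network interface submits protocol, distinguished name, service and header information to the CMC, the CMC applies policy and returns a determination carrying algorithm, key and a unique SPI, and the second interface resolves that SPI with the CMC before accepting the connection. The message fields, the policy table, the sample distinguished names and the XOR-keystream/HMAC stand-in for the CMC-chosen cipher are all assumptions. Two checks the claim implies but does not spell out are enforced here: the CMC releases a connection's key only to the destination it recorded for that SPI, and the second interface rejects a sender whose claimed distinguished name does not match the CMC's record.

```python
# Toy model of the claim-7 exchange (added illustration, not the application's
# design; field names, policy shape and the XOR/HMAC stand-in cipher are assumed).
import hashlib, hmac, secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class ConnectionRequest:
    protocol: str
    distinguished_name: str  # requesting user's DN
    service: str
    headers: dict
    destination_dn: str


@dataclass
class Determination:
    allowed: bool
    reason: str = ""
    encryption_alg: str = ""
    auth_required: str = ""
    key: bytes = b""
    spi: int = 0
    redirect_to: Optional[str] = None          # "redirected to another device"
    translation_servlet: Optional[str] = None  # "needs to be translated"


class CMC:
    def __init__(self, policy: dict):
        self.policy = policy       # (source DN, destination DN, service) -> rule
        self.connections = {}      # SPI -> (Determination, ConnectionRequest)

    def review_connection(self, req: ConnectionRequest) -> Determination:
        rule = self.policy.get((req.distinguished_name, req.destination_dn, req.service))
        if rule is None:
            return Determination(False, "no policy rule allows this connection")
        spi = 256 + secrets.randbelow(2**32 - 256)    # IPsec reserves SPIs 0-255
        while spi in self.connections:                # SPI must be unique
            spi = 256 + secrets.randbelow(2**32 - 256)
        det = Determination(True, "allowed", rule["alg"], rule["auth"],
                            secrets.token_bytes(32), spi,
                            rule.get("redirect"), rule.get("translate"))
        self.connections[spi] = (det, req)
        return det

    def resolve_spi(self, spi: int, querying_dn: str):
        """Answer the second INI's query; only the recorded destination gets the key."""
        entry = self.connections.get(spi)
        if entry is None or entry[1].destination_dn != querying_dn:
            return None
        return entry


def toy_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Assumed stand-in cipher: SHA-256 keystream XOR + HMAC tag (use AES-GCM for real)."""
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(data, ks))
    return ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def toy_decrypt(key: bytes, nonce: bytes, blob: bytes) -> Optional[bytes]:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None                                   # wrong key or tampered
    return toy_encrypt(key, nonce, ct)[:-32]          # XOR keystream is its own inverse


class INI:
    """Intelligent network interface between one host and the network."""
    def __init__(self, host_dn: str, cmc: CMC):
        self.host_dn, self.cmc, self.accepted = host_dn, cmc, {}

    def initiate(self, peer: "INI", protocol: str, service: str, headers: dict):
        req = ConnectionRequest(protocol, self.host_dn, service, headers, peer.host_dn)
        det = self.cmc.review_connection(req)         # request + CMC determination
        if not det.allowed:
            return det, "denied"
        nonce = secrets.token_bytes(12)
        info = f"{protocol}:{service}:{self.host_dn}".encode()
        blob = toy_encrypt(det.key, nonce, info)      # encrypted connection information
        return det, peer.accept(det.spi, nonce, blob, self.host_dn)

    def accept(self, spi: int, nonce: bytes, blob: bytes, claimed_from: str) -> str:
        entry = self.cmc.resolve_spi(spi, self.host_dn)   # second INI queries CMC by SPI
        if entry is None:
            return "rejected: SPI unknown or not destined for this host"
        det, req = entry
        if req.distinguished_name != claimed_from:
            return "rejected: sender DN does not match CMC record"
        info = toy_decrypt(det.key, nonce, blob)
        if info is None:
            return "rejected: authentication tag failed"
        self.accepted[spi] = {"from": claimed_from, "alg": det.encryption_alg, "info": info}
        return "accepted"


def demo():
    # Constructed sample policy: alice may reach db1 over sql and nothing else.
    policy = {("cn=alice,o=example", "cn=db1,o=example", "sql"):
              {"alg": "aes-256-cbc", "auth": "smartcard"}}
    cmc = CMC(policy)
    alice, db1 = INI("cn=alice,o=example", cmc), INI("cn=db1,o=example", cmc)
    ok = alice.initiate(db1, "tcp", "sql", {"Host": "db1"})
    denied = alice.initiate(db1, "tcp", "ssh", {})
    leak = cmc.resolve_spi(ok[0].spi, "cn=mallory,o=example")  # third party asks for the key
    return ok, denied, leak
```

Calling demo() walks all five steps: the sql connection is allowed by policy and accepted by db1's interface, the ssh connection is denied at the CMC before any key exists, and a third host that replays the SPI learns nothing from the CMC because it is not the recorded destination.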

[c8] 8. (Currently Amended) The method of claim [c7] 7, wherein said authentication is 
selected from the group consisting of username/password, biometric inputs, smart cards, 
tokens, and combinations thereof. 

[c9] 9. (Currently Amended) The method of claim [c1] 1, further comprising providing a 
plurality of CMCs on said network in a hierarchical configuration. 

[c10] 10. (Currently Amended) The method for providing distinguished name single 
sign-on for users of host devices on a network comprising: 

providing an intelligent network interface between a network and each device on 
the network; 

providing a central management console (CMC) on said network; 

a user providing a distinguished name and authentication to a first intelligent 

network interface attached to the user's host device; 

the first intelligent network interface verifying the user's authentication with the 
CMC such that when said user requests services from a second device: 
the first intelligent network interface requests communication with said second 
device based on distinguished name; 

a second intelligent network interface associated with said second device queries 
the CMC for permission and user authentication for the second device based on 
distinguished name; and 

the CMC provides user authentication information based on distinguished name to 

said second intelligent network interface to allow said second intelligent network 

interface to log the user into the second device. 

[c11] 11. (Currently Amended) A system for providing secure network 
communication, comprising: 

a network; 

a plurality of host devices connected to said network; 
an intelligent network interface between each host device and said network; 
means on each intelligent network interface for encrypting and decrypting critical 
data transmissions over the network; and 

at least one central management console for providing keys and algorithms used 

by said intelligent network interfaces for encrypting and decrypting critical data 

transmissions over the network. 

[c12] 12. (Currently Amended) The system of claim [c11] 11, wherein each 
intelligent network interface further comprises: 

a CPU; 

memory; 

an I/O interface for the network; and 
a second I/O interface for the host device. 
[c13] 13. (Currently Amended) The system of claim [c12] 12, wherein each 

intelligent network interface is implemented in a form selected from the group consisting 

of PCI cards, PCMCIA cards, rapid I/O-high bandwidth cards, and standalone devices. 

[c14] 14. (Currently Amended) The system of claim [c12] 12, wherein each 

intelligent network interface is implemented in a form selected from the group consisting 

of PCI NIC cards, PCMCIA NIC cards, rapid I/O-high bandwidth NIC cards, and 

standalone devices with an Ethernet second I/O interface. 

[c15] 15. (Currently Amended) The system of claim [c12] 12, wherein each 

intelligent network interface further comprises a serial line authentication port. 

[c16] 16. (Currently Amended) The system of claim [c15] 15, wherein said serial 

line authentication port is a USB port. 

[c17] 17. (Currently Amended) The system of claim [c11] 11, wherein said 
intelligent network interface further comprises parallel port authentication port. 

[c18] 18. (Currently Amended) The system of claim [c12] 12, wherein said memory 
consists of flash memory for storing an OS and dynamic memory for applications. 

[c19] 19. (Currently Amended) The system of claim [c12] 12, wherein said memory 
consists of a hard drive for storing an OS and applications and random access memory 
for running said OS and applications. 

[c20] 20. (Currently Amended) The system of claim [c12] 12, wherein said 
intelligent network interfaces have an OS that is distinct from said host devices. 

[c21] 21. (Currently Amended) The system of claim [c12] 12, further comprising: 
an encryption accelerator on a field programmable gate array (FPGA) on said intelligent 
network interface. 

[c22] 22. (Currently Amended) The system of claim [c11] 11, further comprising: 
a set of dynamically distributable code fragments stored on said CMC for 
distribution to said intelligent network interfaces; and 
means on each said intelligent network [interfaces] interface for using said code 
fragments to provide functions selected from the group consisting of: 
authentication, protocol translations, single sign-on, multi-level firewalling, 
distinguished-name based firewalling, centralized user management, machine 
diagnostics, proxying, fault tolerance, centralized patching, web filtering, virus 
scanning, auditing, and gateway intrusion detection. 
23-34 Canceled. 


[c35] 35. (Currently Amended) A method for firewalling based on distinguished 
name for users of host devices on a network comprising: 

providing an intelligent network interface between a network and each device on 

the network; 

providing a central management console (CMC) on said network; 

a user providing a distinguished name and authentication to a first inteUigent 

network interface attached to the user's host device; 

the first intelligent network interface verifying the user's authentication with the 
CMC; and 

the CMC dynamically distributing a firewall servlet to said intelligent network 
interface based on said distinguished name. 
36. Canceled. 